CVE-2011-2722 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	1.2 UNKNOWN	LOCAL	HIGH		AV:L/AC:H/Au:N/C:N/I:P/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 8%

Vendor	Product	Version
hp	linux_imaging_and_printing_project	𝑥 ≤ 3.11.5
hp	linux_imaging_and_printing_project	3.9.2
hp	linux_imaging_and_printing_project	3.9.4
hp	linux_imaging_and_printing_project	3.9.4b:b
hp	linux_imaging_and_printing_project	3.9.6
hp	linux_imaging_and_printing_project	3.9.8
hp	linux_imaging_and_printing_project	3.9.10
hp	linux_imaging_and_printing_project	3.9.12
hp	linux_imaging_and_printing_project	3.10.2
hp	linux_imaging_and_printing_project	3.10.5
hp	linux_imaging_and_printing_project	3.10.6
hp	linux_imaging_and_printing_project	3.10.9
hp	linux_imaging_and_printing_project	3.11.1
hp	linux_imaging_and_printing_project	3.11.3
hp	linux_imaging_and_printing_project	3.11.3a:a
hp	linux_imaging_and_printing_project	3.11.7

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

hplip

bullseye	3.21.2+dfsg1-2 fixed
lenny	not-affected
bookworm	3.22.10+dfsg0-2 fixed
sid	3.22.10+dfsg0-5.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

hplip

raring	not-affected
quantal	not-affected
precise	not-affected
oneiric	ignored
natty	ignored
maverick	ignored
lucid	Fixed 3.10.2-2ubuntu2.4 released
hardy	ignored

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://hplipopensource.com/hplip-web/release_notes.html

http://rhn.redhat.com/errata/RHSA-2013-0133.html

http://secunia.com/advisories/48441

http://secunia.com/advisories/55083

http://security.gentoo.org/glsa/glsa-201203-17.xml

http://www.openwall.com/lists/oss-security/2011/07/26/14

http://www.ubuntu.com/usn/USN-1981-1

https://bugs.launchpad.net/hplip/+bug/809904

https://bugzilla.novell.com/show_bug.cgi?id=704608

https://bugzilla.redhat.com/attachment.cgi?id=515866&action=diff

https://bugzilla.redhat.com/show_bug.cgi?id=725830

http://hplipopensource.com/hplip-web/release_notes.html

http://rhn.redhat.com/errata/RHSA-2013-0133.html

http://secunia.com/advisories/48441

http://secunia.com/advisories/55083

http://security.gentoo.org/glsa/glsa-201203-17.xml

http://www.openwall.com/lists/oss-security/2011/07/26/14

http://www.ubuntu.com/usn/USN-1981-1

https://bugs.launchpad.net/hplip/+bug/809904

https://bugzilla.novell.com/show_bug.cgi?id=704608

https://bugzilla.redhat.com/attachment.cgi?id=515866&action=diff

https://bugzilla.redhat.com/show_bug.cgi?id=725830